Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2019-4703

Опубликовано: 03 июл. 2019
Источник: oracle-oval
Платформа: Oracle Linux 6
Платформа: Oracle Linux 7

Описание

ELSA-2019-4703: Unbreakable Enterprise kernel security update (IMPORTANT)

kernel-uek [3.8.13-118.36.1]

  • tun: call dev_get_valid_name() before register_netdevice() (Cong Wang) [Orabug: 29925557] {CVE-2018-7191}

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

dtrace-modules-3.8.13-118.36.1.el6uek

0.4.5-3.el6

kernel-uek

3.8.13-118.36.1.el6uek

kernel-uek-debug

3.8.13-118.36.1.el6uek

kernel-uek-debug-devel

3.8.13-118.36.1.el6uek

kernel-uek-devel

3.8.13-118.36.1.el6uek

kernel-uek-doc

3.8.13-118.36.1.el6uek

kernel-uek-firmware

3.8.13-118.36.1.el6uek

Oracle Linux 7

Oracle Linux x86_64

dtrace-modules-3.8.13-118.36.1.el7uek

0.4.5-3.el7

kernel-uek

3.8.13-118.36.1.el7uek

kernel-uek-debug

3.8.13-118.36.1.el7uek

kernel-uek-debug-devel

3.8.13-118.36.1.el7uek

kernel-uek-devel

3.8.13-118.36.1.el7uek

kernel-uek-doc

3.8.13-118.36.1.el7uek

kernel-uek-firmware

3.8.13-118.36.1.el7uek

Связанные CVE

CVE-2018-7191

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2018-7191

CVSS3: 5.5
ubuntu
около 6 лет назад

In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.

redhat логотип

CVE-2018-7191

CVSS3: 6.2
redhat
больше 7 лет назад

In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.

nvd логотип

CVE-2018-7191

CVSS3: 5.5
nvd
около 6 лет назад

In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.

debian логотип

CVE-2018-7191

CVSS3: 5.5
debian
около 6 лет назад

In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid ...

github логотип

GHSA-p54q-624c-fr42

github
около 3 лет назад

In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.